Daily Tech Observations 10

Tracing App Status Germany

While some of the restrictions are slowly being removed and public life resumes to some extent due to the decreasing infection numbers, there is some movement in the discussion around the tracing app(s). In Germany we dont have an app released yet and it is questionable if a significant volume of citizens will buy-in the contact tracing while the peak of epidemy in Germany has passed already, though a second wave could come. The announced cooperation of Deutsche Telekom and SAP target a release date in June. I still have doubts, the usual workflow of huge companies are not known for planning, designing and releasing in production within a couple of weeks. We will see. At least they started to document and release info on Github under the project title Corona-Warn-App. They adopt the decentral approach with DP-3T and TCN and will fully comply with GDPR. SAP develops app and backend, Telekom provides infrastructure.
At the same time we have at least two other groups, both projects of the #WirVsVirus Hackathon by the German government a few weeks back, working on tracing apps. ITO (github) creating a decentral solution and OHIOH (github) creating a server-centric solution. Others are Gretel, Predict-19 and Infection Chain. Some of the initiatives already became inactive or are stopped by now.
The main challenges, there is no standard for data exchange, not for Germany and none for international exchange. With too many apps and too little adoption there is a high risk of failing. Though I support all the activities, at least the teams get attentions and it might help to form or push start-up’s.

IBM Call for Code

IBM runs a challenge and supports selected teams to build solutions to replace physical queues by on-demand virtual lines. A different and interesting scope that looks beyond the current situation and attacks social distancing aspects. Find more info here.

Covid-19 Epidemic Forecasting

There are few sites run by research institutes predicting the further development of infection, R and death figures. The below list is from the Singapore University of Technology and Design (SUTD). They stopped publishing their predictions to public.

Google Community Report

Google is still publishing, the latest report dated May 14th.

Image by Free-Photos on Pixabay.

Daily Tech Observations 9

Tracing Apps Overview

About 35 countries released apps in the COVID-19 context, roughly half of them actually perform some kind of tracing or tracking using either GPS, Bluetooth or both. I reviewed some of them with the information that you find in the Google Play Store in regards of rating, no. of installations and permissions. I could not find any app that has a penetration of more than 5% (Android only), rather lower, and the success of such an app grows with the userbase.

Random samples:
(Numbers for Android apps only, Apple is not releasing the number of installations)

  • Stopp Corona (Austria), ~9.000.000 population and 100.000+ downloads
  • eRouška (Czech Republic), ~11.000.000 population and 100.000+ downloads
  • Aarogya Setu (India), ~1.300.000.000 population and 50.000.000+ downloads

Reference: Population by Worldbank

I noticed some apps are very generous with permissions, also asking for identity, phone number, contact list, all on top of GPS and Bluetooth.

Tracing Apps Details

Thanks to AppBrain you can get more information about individual apps. You can see the underlying libraries used and communication channel. It seems most of the apps make use of Google Firebase Messaging for the push part.

Sample: Dev libs for Stopp Corona (Austria)

Here as sample the details for the Stopp Corona App from Austria taken from the respective AppBrain page. We can see GCM (now Firebase) for messaging, the cryptographic lib Bouncy Castle, the JSON lib MOSHI.
At least none of the apps I have looked at so far, use social or Ad network libraries.

German Tracing App Status

While other countries have a headstart, Germany is falling behind. Despite news stating German Telekom and SAP joining the initiative, there seems to be no schedule, commitment and definitely no budget yet. I fear this will become a humongous project with 90% consultancy. We have existing open source applications following DP-3T as guidance, a small team of less than 15 people can produce an app in short time, and still comply with GDPR and security in place. My take.

COVID-19 Data

Latest Google Community Report was released on May 1st.

Stay safe and tuned.

Image by Free-Photos from Pixabay

Daily Tech Observations 8

Corona Tracing App Strategy Change

The German government moved away from the central data approach and the PEPP-PT initiative to a decentral solution. Seems they do not want to wait further on the non-commercial approach by a bigger group and hope the two huge companies SAP and Telekom can come up with an app. Looking forward to see the result, I doubt we will see anything released for another 8 weeks, being optimistic. A lot of countries have a head start here, see my overview post.

Questions I have:
The list of “infected ID’s” has to be updated regularly, potentially a growing list with many records need to be polled every hour ?!
How would you push the info to devices (in the case of infected contacts) ?
Use Google’s Firebase FCM ?

Reference:

Tracing Apps across the globe

There are about 40+ apps in various countries around the globe, adopting different protocols, some are open-source, some are propietary, most of them are in the Android Playstore, some are released as apk-files only.
In some countries we see multiple (contact tracing) solutions at the start, India with 4, Italy 3 and US 3. In the EU with have at least 10 different apps. There is no way to trace beyond the boundaries of individual countries. Have a look at my overview here.

Daily Tech Observations 7

PEPP-PT

There has been some movement in the Pan-European Privacy-Preserving Proximity Tracing project over the last few days. Earlier it was announced an app would be released after the Easter period. This has not happened so far, some of the project partners have even pulled out (reference). The project is driven by the Arago founder Chris Boos.
Though the app is not out, both documentation and some sourcecode has been released under Mozilla Public License on github. This is a good move, it creates transparency and allows to fork the project if needed. I have not seen other projects in the same tracing space to release their sourcecode. Time to have some hands-on with the sourcecode, more in an upcoming post.

ROBERT Protocol

The ROBust and privacy-presERving proximity Tracing protocol (ROBERT) by Inria and Fraunhofer Institute. Both are member of the PEPP-PT tracing project but the documentation can or should be the base for any implementation of a tracing app. Find the documents at github. This is the only way forward to create transparent apps that will be accepted by general public. Highly recommended reading.
It is key to differentiate between the centralised and decentralised approach, read more here.

DP-3T

As the ROBERT protocol is a solution with a central component, there is also a group proposing the a decentralised approach, DP-3T – Decentralized Privacy-Preserving Proximity Tracing. This proposal is aligned with the mutual Apple-Google proposal. Also highly recommended reading. Sourcecode is available on github as well.
Drop by the comic style explanation by Nicky Case.

By Nicky Case (CC-0)

TCN Protocol

Similar to DP-3T , there is TCN (Temporary Contact Numbers,) a decentralized, privacy-first contact tracing protocol. Find the specification here.

Open-Source Corona Apps

Two mobile apps have been released in the US

COVID-19 Data

More Research and Whitepapers

Daily Tech Observations 6

Google Community Mobility Reports

The latest report was released on April 16th. On top of the individual PDF files for each country you also can download a CSV file with all the data. With the CSV file at hand it is easier to compare countries or regions against each other and detect when lockdown came in place etc. Time to spin up your favourite visualization tool or for some hands-on Pandas-Bokeh action.

Tracing Apps

Despite announcing the release of such an app after Easter, there is nothing released yet. It is a challenge to release such an app, once pushed out to public you cant reverse or make significant changes to the key exchange algorithm etc. The rotating key mechanism need to be waterproof to avoid any tracking or identifying of persons just by looking at the local data storage and ‘wardriving’. Personally I believe no one want to do another quick shot like the ‘Datenspende-App’ (see next topic) and stay compliant with the below requirements. I highly recommend to read the read the contact-tracing-apps requirements by..

At all cost privacy has to be protected and we do not want any contact tracing in any non-health related crisis situations, eg. to be used to trace contacts in recent Hong-Kong events or during the Arab Spring in 2010.

I am very curious if and how they will release the source code for such an app.

Datenspende App

The RKI released the Datenspende app using anonymously health data from smart watches etc. (see previous post). Unfortunately they triggered a partially controversial discussion in media due to the fact that the usage of the data was not stated clearly enough, the app is implemented as closed-source by an external company and a few other problems like the lack of support of many health trackers. This resulted in quite a number of 1* ratings (refer to AppBrain). Though I absolutely believe in their good intentions and the good use of the data, RKI just had a bad start with this.

AppBrain Statistics

Google cooperating with Apple

Certainly makes most sense to have the same API features on OS level, though I am not sure how to publish this. Through an OS Update ? Here we would rely on the mobile phone manufacturers, quite a large number of phones have fallen out of the support cycles. Have a look at the specifications at the Apple website.

DIY Project: Create a Tracking and Tracing App Part 2

The tracing of contacts through mobile apps became the Number One hot topic in the last few days, governements and institutes of the EU countries are still working on technical solutions to trace transmissions of SARS-CoV-2 (though a bit late for the first wave that has hit most countries worldwide). At the same time there is an intense debate about these apps in terms of data usage, privacy, etc. The apps wont stop the spread or protect the person using the app but they should help to keep the situation under control in the times to come, maybe as a permanent tool to stay for a long period. Even more important not to build a tracking tool following examples of more authoritian states, but to have a solution that protect privacy.

In this blog series, looking at the technical aspects, we still touch both tracing and tracking for the matter of the discussion. In the last post we only touched the Bluetooth basics, now get into discovering nearby devices.

Android to discover Bluetooth devices

About device discovery

  • Discovery of Bluetooth devices is the step before pairing and coummunicating with another device. We can scan for nearby devices without the other devices (its owner) noticing it.
  • But for classic Bluetooth, the device need to be set to discoverable by its user, usually only for a limited period. It is consuming additional energy and would drain the battery faster if left on permanently (putting aside security concerns, see references).
  • BLE works like a beacon permanently being discoverable, certain location type application work like this, eg. to help navigate in buildings equipped with beacons.
  • The 3 key device attributes when discovering devices:
    Name: Not unique, just a label, can be set/changed by the user.
    MAC: The unique identifier (see previous post)
    Signal strength in dBm (more about this later)

Discover classic Bluetooth devices

We need to register a broadcast receiver and listen to the intents for discovery start and end. The discovery need to be triggered, it will run for about 12 seconds.

Register BC Receiver

private void initBCReceiver(){
	final BroadcastReceiver mReceiver = new BroadcastReceiver()
	{
		@Override
		public void onReceive(Context context, Intent intent){
			String action = intent.getAction();
			if (BluetoothDevice.ACTION_FOUND.equals(action))
			{
				BluetoothDevice device = intent.getParcelableExtra(BluetoothDevice.EXTRA_DEVICE);
				int rssi = intent.getShortExtra(BluetoothDevice.EXTRA_RSSI,Short.MIN_VALUE); // dBm
				System.out.println("Found: " + device.getName() + "," + device.getAddress() + "," +  rssi);
			} else if (BluetoothAdapter.ACTION_DISCOVERY_STARTED.equals(action)){
				System.out.println("ACTION_DISCOVERY_STARTED");
			} else if (BluetoothAdapter.ACTION_DISCOVERY_FINISHED.equals(action)){
				System.out.println("ACTION_DISCOVERY_FINISHED");
			}
		}
	};

	IntentFilter filter = new IntentFilter();
	filter.addAction(BluetoothDevice.ACTION_FOUND);
	filter.addAction(BluetoothDevice.ACTION_PAIRING_REQUEST);
	filter.addAction(BluetoothAdapter.ACTION_DISCOVERY_STARTED);
	filter.addAction(BluetoothAdapter.ACTION_DISCOVERY_FINISHED);

	registerReceiver(mReceiver, filter);
}

Now trigger the discovery

bAdapter.startDiscovery();
Discover Classic BT devices

Discover BLE devices

The BLe devices (beacons) constantly send their signal, we can pick it up in an async thread. The Android BT library supports this with less than 15 lines of code to capture the devices. Implement the callback and start/stop the scanning.

private ScanCallback leScanCallback = new ScanCallback() {
	@Override
	public void onScanResult(int callbackType, ScanResult result) {
		System.out.println(result.getDevice().getAddress() + "-" + result.getDevice().getName() + " rssi: " + result.getRssi() + "\n");
	}
};

public void startScanning(View view) {
	System.out.println("start scanning");
	AsyncTask.execute(new Runnable() {
		@Override
		public void run() {
			btScanner.startScan(leScanCallback);
		}
	});
}

public void stopScanning(View view) {
	System.out.println("stopping scanning");
	AsyncTask.execute(new Runnable() {
		@Override
		public void run() {
			btScanner.stopScan(leScanCallback);
		}
	});
}
Discover BLE devices

Interesting observations:
– The MS Designer Mouse is operating in both classic and BLE mode.
– The signal strength of devices can change without being physically being moved.

Conclusion

  • The Bluetooth classic mode is not feasible for the tracing requirement. It would drain batteries quickly and we cant disnguish between phones and other devices using solely the MAC (though we could identify manufacturers).
  • We need to consider the BLE peripheral model for our tracing app. Remember, we need to capture the unique key from another nearby user of the app, we cant achieve this without basic 2 way communication between the two apps.

Fun Facts

Stay safe and tuned..

References

Image by Free-Photos from Pixabay.

Daily Tech Observations 5

COVID-19 Apps

No (EU) country has yet released an official tracing app, the efforts are still ongoing. No news from the PEPP-PT project. Google’s Playstore has one addition entry by the WHO as a central source for information.

Google and Apple joining forces

The two giants start to cooperate in the light of the crisis. Find more info at the Google blog, the Apple Newsroom or at MIT Tech Review. Around the tracing topic they seem to settle the compatibility issues between the iODS and Android platform in regards of Bluetooth.

Community Mobility Reports

Google continues to release the mobility reports per country and state. The latest release is of April 5th. The reports are provided as PDF and CSV file. One interesting insight to share, comparing UK and Germany. It seems German citizens are rushing to the parks and the outdoors.

Mobility UK
Mobility Germany

Daily Tech Observations 4

COVID-19 Apps

In the German Google Playstore we find one new app, the Corona-Datenspende. Released by the Robert-Koch-Institute the app uses data from smartwatches and fiteness tracker devices. It claims to be 100% anonymous, voluntary and compliant with GDPR regulations. According to their website 50.000 users already downloaded the app that correlate a potential infection with certain activity, heartrate and other values received from these devices. They still struggle with the support of the wide range of devices in the market but plan to support more manufacturers and devices asap. A good approach, we should use any opportunity to fight the spread.

COVID-19 Apps in Singapore

While we have to comply with GDPR in the EU and have to count on the participation and voluntary contribution of its citizen to use the app, Singapore released an app, Homer, that infected patients have to use when ordered to home-quarantine. You have to virtually report your home presence every few hours to the authorities. A strict move, but 100% in line with the local legislation in a highly populated country where the spread must stay under control. The third app, SwiftMed, is a contact tracing app for frontline officers.

#WirVsVirus Hackathon Results

I highlighted the hackathon organized by the government in one of my previous posts. You can see short pitches for each idea that made it to the finals in this YouTube playlist plus the other apps that didnt make into the finals (all in German language, use english subtitles if you need to). Good for some inspiration, it shows what different kind of ideas people can come up with in short time.

Other useful links

The website Visualcapitalist list a number of interesting visualizations around the COVID-19 topic. Highly recommended.

Most of the infection spread and distribution data is available at a couple of websites:

Stay safe and tuned..

Daily Tech Observations 3

Google releases Comunity Reports

Google released a report for each country they are collecting users movement data in an aggregated form. It reveals the popular places, compared to an earlier time frame in February 2020. The data of the current report was released on March 29th summarizing the movement of the 2..3 days before the report. Very drastic the differences between Italy and US, you can clearly see how one country after another only starts to shut down public life. A excellent use of the data with full respect to privacy.

Italy (March 29th report)
US (March 29th report)

Path Inaccuracy – Mobile Phone in the pocket

I noticed the accuracy of the path (recorded by Android/Google) depends a lot on the phone’s exposure to the GPS signal (no surprise). The below sample path (carrying the phone in the pocket of my jacket) demonstrates this. The red/orange dots reflect the correct path, while the blue line is the Google interpretation, obviously interpolating a straight line between location recordings. It works better for places where I have been stationary for a while. Take-away: With Googles location tracking alone we don’t achieve enough accuracy to stop the infection by identifying meeting points or overlaps of data.

Sample Path

Note: This is not a comment against Google or the tracking feature, it highlights potential weakness in the data acquisition process. The feature is an optional setting and can be switched on and off in the configuration of any Android phone.

Daily Tech Observations

As the pandemic crisis continues, more discussion, data exchange and research is happening and progressing in the digital space. I wont mention the massive increase of security threads here (reference info at Trendmicro), but rather look at the non-malicious activities.

PEPP-PT

The PEPP-PT (Pan-European Privacy-Preserving Proximity Tracing) project around a number of prominent research institutes across Europe is working on a proximity-based solution utilising BLE technology embedded in mobile phones. It will be in line with GDPR regulations and to be used on a voluntary base. It is supposed to track and report your whereabouts adn nearby other app users to a server anonymously only, and inform you when you have been close to an infected person, all that without using personal information, which is the key concern of many parties. A key element for the success of such a solution is the penetration factor. It need to build up a database with a significant number of users and traces. Instead of releasing yet another app, they try to piggyback into existing apps, such as NINA (an app to publish and warn about local dangerous incidents in Germany). It has not been published yet, I assume the technical field test was successful is reported, still they have to sort out the communication channels in the case of an infected user.

COVID-19 Apps

There are no new apps in the Google Playstore since my last post, though I have to correct the app I mentioned previously, TraceTogether, only appears for Singapore based accounts. In the German Playstore we see two apps, the app “COVID-19” transmits the status of a COVID test to the respective user, only reducing the need to physically visit a place to retrieve the results. The other app, Coronika, tries to assist individuals to trace their locations and contacts.

Google to hand over anonymous location data

Google and the other big players are in active talks in various countries with the respective authorities about releasing data, either aggregated or anonymous or both. Depends very much on the local regulations. In the context of stopping the pandemy this would provide valuable insights. Aggregated data can help to identify streams of persons or hotspots of too many people in the same area or similar. If anonymization alone is good enough to protect personal data, I would question, the trace that everyone leaves with an Android phone (location services enabled) would easily allow to identify an individual or a small group, you just look at regularly visited places to identify someone’s home or office etc.

You know you can not only see your traces in Google Maps but also export the data (as well delete it permanently if you want) with the Take-Out feature?

Your Timeline – Google Maps
Take Out – Personal Google Maps Data

You are looking for some well formatted data to play with ? Download your own location data and have some hands-on datascience exercise. Easy to request and download, all nicely packaged in self-explaining JSON formatted monthly files.

Stay tuned and safe !